fssm32.exe using lots of cpu...please help ;)



lt1bird
2009-05-28, 01:06
HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:04:21 PM, on 5/27/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\Program Files\Lexmark 3400 Series\ezprint.exe
C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe
C:\Program Files\EMBARQ Online Security\Common\FSM32.EXE
C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Creative Home\Hallmark Card Studio Express\Planner\PLNRnote.exe
C:\Program Files\Virtual Assistant\bin\mpbtn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\EMBARQ Online Security\Anti-Virus\fsgk32st.exe
C:\Program Files\EMBARQ Online Security\Common\FSMA32.EXE
C:\Program Files\EMBARQ Online Security\Common\FSMB32.EXE
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\Program Files\EMBARQ Online Security\Common\FCH32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\oem\msaspgh\msaspghost.exe
C:\WINDOWS\system32\java.exe
C:\Program Files\EMBARQ Online Security\Anti-Virus\fsqh.exe
C:\Program Files\EMBARQ Online Security\Common\FAMEH32.EXE
C:\Program Files\EMBARQ Online Security\FSPC\fspc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\EMBARQ Online Security\FSGUI\fsguidll.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\EMBARQ Online Security\FSAUA\program\fsaua.exe
C:\Program Files\EMBARQ Online Security\FWES\Program\fsdfwd.exe
C:\Program Files\EMBARQ Online Security\FSAUA\program\fsus.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\EMBARQ Online Security\Anti-Virus\fsav32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\corbo\Desktop\HiJackThis.exe
C:\Program Files\EMBARQ Online Security\Anti-Virus\FSGK32.EXE
C:\Program Files\EMBARQ Online Security\Anti-Virus\fssm32.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myembarq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.Ricavision.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LELA] "C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" /minimized
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\EMBARQ Online Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\EMBARQ Online Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [36132848641070256513766439578036] C:\Program Files\Antivirus 2009\av2009.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: ExpressPLNRnote.lnk = C:\Program Files\Creative Home\Hallmark Card Studio Express\Planner\PLNRnote.exe
O4 - Global Startup: Virtual Assistant.lnk = C:\Program Files\Virtual Assistant\bin\matcli.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\OUTLOO~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\EMBARQ Online Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\EMBARQ Online Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\EMBARQ Online Security\FSPC\fspcmsie.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\OUTLOO~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.Ricavision.com
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\ORSP Client\fsorsp.exe
O23 - Service: Google Update Service (gupdate1c994391bd90efd) (gupdate1c994391bd90efd) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: MSAS Plugin Host Service (MSASPGHost) - OEM - c:\program files\oem\msaspgh\msaspghost.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 9511 bytes

Blade81
2009-05-28, 18:09
Hi,

Download DDS and save it to your desktop from here (http://www.techsupportforum.com/sectools/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double-click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.

lt1bird
2009-05-28, 20:55
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-05-14.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/30/2006 1:56:11 AM
System Uptime: 5/28/2009 1:46:55 PM (0 hours ago)

Motherboard: AOpen | | UX945G
Processor: Intel(R) Pentium(R) D CPU 2.80GHz | Socket 775 | 2800/200mhz
Processor: Intel(R) Pentium(R) D CPU 2.80GHz | Socket 775 | 2800/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 230 GiB total, 213.846 GiB free.
D: is CDROM ()
I: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP388: 2/27/2009 8:53:33 PM - System Checkpoint
RP389: 3/1/2009 10:35:36 PM - System Checkpoint
RP390: 3/3/2009 7:14:24 PM - System Checkpoint
RP391: 3/6/2009 7:55:11 PM - System Checkpoint
RP392: 3/7/2009 8:32:17 PM - System Checkpoint
RP393: 3/8/2009 9:56:09 PM - System Checkpoint
RP394: 3/9/2009 10:32:55 PM - System Checkpoint
RP395: 3/11/2009 10:21:55 AM - System Checkpoint
RP396: 3/12/2009 5:09:17 PM - System Checkpoint
RP397: 3/14/2009 10:08:14 AM - System Checkpoint
RP398: 3/15/2009 10:10:40 AM - System Checkpoint
RP399: 3/16/2009 11:46:18 AM - System Checkpoint
RP400: 3/17/2009 1:33:01 PM - System Checkpoint
RP401: 3/18/2009 1:43:01 PM - System Checkpoint
RP402: 3/19/2009 3:16:34 PM - System Checkpoint
RP403: 3/21/2009 9:29:35 AM - System Checkpoint
RP404: 3/22/2009 10:47:53 AM - System Checkpoint
RP405: 3/23/2009 2:02:46 PM - System Checkpoint
RP406: 3/24/2009 3:13:59 PM - System Checkpoint
RP407: 3/25/2009 4:00:15 PM - System Checkpoint
RP408: 3/27/2009 9:46:43 AM - System Checkpoint
RP409: 3/29/2009 11:11:28 AM - System Checkpoint
RP410: 3/30/2009 12:49:01 PM - System Checkpoint
RP411: 3/31/2009 1:23:56 PM - System Checkpoint
RP412: 4/2/2009 8:20:36 AM - System Checkpoint
RP413: 4/3/2009 4:26:18 PM - System Checkpoint
RP414: 4/4/2009 5:07:01 PM - System Checkpoint
RP415: 4/5/2009 8:13:02 PM - Removed Google Earth Plugin.
RP416: 4/6/2009 8:20:37 PM - System Checkpoint
RP417: 4/8/2009 10:39:36 AM - System Checkpoint
RP418: 4/9/2009 10:43:46 AM - System Checkpoint
RP419: 4/10/2009 11:45:31 AM - System Checkpoint
RP420: 4/11/2009 12:55:26 PM - System Checkpoint
RP421: 4/14/2009 3:34:49 PM - System Checkpoint
RP422: 4/16/2009 9:35:20 AM - System Checkpoint
RP423: 4/17/2009 12:13:00 PM - System Checkpoint
RP424: 4/18/2009 12:37:32 PM - System Checkpoint
RP425: 4/19/2009 1:01:54 PM - System Checkpoint
RP426: 4/21/2009 8:18:08 AM - System Checkpoint
RP427: 4/25/2009 7:14:10 PM - System Checkpoint
RP428: 4/26/2009 7:20:06 PM - System Checkpoint
RP429: 4/27/2009 7:31:24 PM - System Checkpoint
RP430: 4/28/2009 8:24:30 PM - System Checkpoint
RP431: 4/30/2009 9:35:57 AM - System Checkpoint
RP432: 4/30/2009 7:26:44 PM - psc 8.02 build 109 Installation
RP433: 5/1/2009 7:49:26 PM - System Checkpoint
RP434: 5/3/2009 9:41:07 AM - System Checkpoint
RP435: 5/4/2009 10:56:00 AM - System Checkpoint
RP436: 5/6/2009 9:02:11 AM - System Checkpoint
RP437: 5/7/2009 9:02:40 AM - System Checkpoint
RP438: 5/8/2009 9:59:29 AM - System Checkpoint
RP439: 5/9/2009 10:39:49 AM - System Checkpoint
RP440: 5/10/2009 12:52:29 PM - System Checkpoint
RP441: 5/12/2009 8:40:29 AM - System Checkpoint
RP442: 5/13/2009 2:58:16 PM - System Checkpoint
RP443: 5/15/2009 12:54:37 PM - System Checkpoint
RP444: 5/17/2009 10:59:04 AM - System Checkpoint
RP445: 5/18/2009 11:01:29 AM - System Checkpoint
RP446: 5/19/2009 6:12:01 PM - System Checkpoint
RP447: 5/20/2009 6:35:46 PM - System Checkpoint
RP448: 5/21/2009 7:43:14 PM - System Checkpoint
RP449: 5/24/2009 11:59:14 AM - System Checkpoint
RP450: 5/25/2009 2:40:05 PM - System Checkpoint
RP451: 5/27/2009 8:15:31 AM - System Checkpoint
RP452: 5/28/2009 6:56:06 AM - Removed Google Earth Plugin.

==== Installed Programs ======================

ABBYY FineReader 6.0 Sprint
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Deskbar
AOL Toolbar
AOL Uninstaller
AOL You've Got Pictures Screensaver
AOpen VA2000 WDM Drivers
Apple Software Update
ArcSoft TotalMedia Extreme
EMBARQ Help
EMBARQ® Online Security
GolfLogix Course Manager 1.2
Google Earth
Google Earth Plugin
Google Earth Pro
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Hallmark Card Studio Express
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows XP (KB888795)
Java(TM) 6 Update 3
Lexmark 3400 Series
Lexmark Fax Solutions
Lexmark Toolbar
Linksys EasyLink Advisor
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Works
MSASPGH
MSXML 6.0 Parser (KB925673)
Nero Suite
Netflix Movie Viewer
Norton Security Scan
Norton Security Scan (Symantec Corporation)
NVIDIA Drivers
PL-2303 USB-to-Serial
PowerDVD
Pure Networks Platform
Quicken 2006
QuickTime
RealPlayer Basic
Realtek High Definition Audio Driver
Spybot - Search & Destroy
Ulead PhotoImpact 4.0
Update Rollup 1 for Windows XP Media Center Edition 2005 with HDTV Support (KB873369)
Viewpoint Media Player
WebFldrs XP
Windows Communication Foundation
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Hotfix - KB891220
Windows XP Hotfix - KB892627
Windows XP Hotfix - KB893056
Windows XP Media Center Edition 2005 KB888316
Windows XP Media Center Edition 2005 KB890629
Windows XP Media Center Edition 2005 KB890760
Windows XP Media Center Edition 2005 KB895678
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

5/27/2009 5:35:35 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
5/27/2009 5:35:02 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
5/27/2009 5:33:34 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
5/27/2009 5:33:34 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
5/27/2009 5:33:34 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/27/2009 5:33:34 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/27/2009 5:33:34 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
5/27/2009 5:32:59 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
5/27/2009 5:32:56 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/27/2009 4:39:27 PM, error: Print [6161] - The document http://www.geekstogo.com/forum/fssm32-exe-taking-all-CPU-resolv owned by corbo failed to print on printer Lexmark 3400 Series. Data type: LEMF. Size of the spool file in bytes: 578368. Number of bytes printed: 578368. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\DAN. Win32 error code returned by the print processor: 0 (0x0).

==== End Of File ===========================



--------------------------------------------------------------------------

dds

DDS (Ver_09-05-14.01) - NTFSx86
Run by corbo at 13:52:18.84 on Thu 05/28/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.377 [GMT -4:00]

AV: EMBARQ® Online Security 8.02 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: EMBARQ® Online Security 8.02 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\Program Files\Lexmark 3400 Series\ezprint.exe
C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\EMBARQ Online Security\Common\FSM32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Creative Home\Hallmark Card Studio Express\Planner\PLNRnote.exe
C:\Program Files\Virtual Assistant\bin\mpbtn.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\EMBARQ Online Security\Anti-Virus\fsgk32st.exe
C:\Program Files\EMBARQ Online Security\Common\FSMA32.EXE
C:\Program Files\EMBARQ Online Security\Common\FSMB32.EXE
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\EMBARQ Online Security\Common\FCH32.EXE
C:\WINDOWS\system32\lxcycoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\oem\msaspgh\msaspghost.exe
C:\WINDOWS\system32\java.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\EMBARQ Online Security\Anti-Virus\fsqh.exe
C:\Program Files\EMBARQ Online Security\Common\FAMEH32.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\EMBARQ Online Security\FSPC\fspc.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\EMBARQ Online Security\FSGUI\fsguidll.exe
C:\Program Files\EMBARQ Online Security\FSAUA\program\fsaua.exe
C:\Program Files\EMBARQ Online Security\FWES\Program\fsdfwd.exe
C:\Program Files\EMBARQ Online Security\FSAUA\program\fsus.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\EMBARQ Online Security\Anti-Virus\fsav32.exe
C:\Documents and Settings\corbo\Local Settings\Temporary Internet Files\Content.IE5\HWL63YNN\dds[2].com
C:\Program Files\EMBARQ Online Security\Anti-Virus\FSGK32.EXE
C:\Program Files\EMBARQ Online Security\Anti-Virus\fssm32.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://myembarq.com/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.Ricavision.com
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [36132848641070256513766439578036] c:\program files\antivirus 2009\av2009.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [<NO NAME>]
mRun: [lxcymon.exe] "c:\program files\lexmark 3400 series\lxcymon.exe"
mRun: [EzPrint] "c:\program files\lexmark 3400 series\ezprint.exe"
mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s
mRun: [LXCYCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCYtime.dll,_RunDLLEntry@16
mRun: [Motive SmartBridge] c:\progra~1\virtua~1\smartb~1\SprintDSLAlert.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [LELA] "c:\program files\linksys\linksys easylink advisor\Linksys EasyLink Advisor.exe" /minimized
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [F-Secure Manager] "c:\program files\embarq online security\common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "c:\program files\embarq online security\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\expres~1.lnk - c:\program files\creative home\hallmark card studio express\planner\PLNRnote.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\virtua~1.lnk - c:\program files\virtual assistant\bin\matcli.exe
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\outloo~1\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {200DB664-75B5-47c0-8B45-A44ACCF73C00} - {D68926FD-18FD-4B0E-A1C7-917D13FAB760} - c:\program files\embarq online security\fspc\fspcmsie.dll
IE: {200DB664-75B5-47c0-8B45-A44ACCF73F01} - {D68926FD-18FD-4B0E-A1C7-917D13FAB760} - c:\program files\embarq online security\fspc\fspcmsie.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\outloo~1\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\program files\embarq online security\fsps\program\FSLSP.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp3.dll

============= SERVICES / DRIVERS ===============

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2009-4-30 33408]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2007-4-26 79872]
R1 CXAVSAUD;AOpen VA2000 Audio Capture;c:\windows\system32\drivers\cxavsaud.sys [2005-8-17 9856]
R1 F-Secure HIPS;F-Secure HIPS;c:\program files\embarq online security\hips\drivers\fshs.sys [2009-4-30 67808]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program files\embarq online security\anti-virus\fsgk32st.exe [2007-4-26 215648]
R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-4-18 204800]
R2 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]
R2 MSASPGHost;MSAS Plugin Host Service;c:\program files\oem\msaspgh\MSASPGHost.exe [2004-9-9 49152]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\embarq online security\anti-virus\minifilter\fsgk.sys [2007-4-26 84608]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\embarq online security\orsp client\fsorsp.exe [2009-4-30 55904]
S2 gupdate1c994391bd90efd;Google Update Service (gupdate1c994391bd90efd);c:\program files\google\update\GoogleUpdate.exe [2009-2-21 133104]
S3 Slnt7554;USB Soft Modem Driver;c:\windows\system32\drivers\slnt7554.sys [2007-1-15 129535]
S3 udfpt;udfpt;c:\windows\system32\drivers\udfpt.sys --> c:\windows\system32\drivers\udfpt.sys [?]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\embarq online security\anti-virus\win2k\fsfilter.sys [2007-4-26 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\embarq online security\anti-virus\win2k\fsrec.sys [2007-4-26 25184]

=============== Created Last 30 ================

2009-05-27 16:47 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-05-27 16:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-04-30 19:28 33,408 a------- c:\windows\system32\drivers\fsbts.sys

==================== Find3M ====================

2009-05-13 15:44 4,830 a------- c:\docume~1\corbo\applic~1\wklnhst.dat
2009-04-06 11:29 79,872 a------- c:\windows\system32\drivers\fsdfw.sys

============= FINISH: 13:52:41.79 ===============

Blade81
2009-05-28, 22:41
Let's continue.

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:


Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.


Click Yes to allow ComboFix to continue scanning for malware.


When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds.txt log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

lt1bird
2009-05-29, 02:04
combofix log:

ComboFix 09-05-28.01 - corbo 05/28/2009 18:47.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.695 [GMT -4:00]
Running from: c:\documents and settings\corbo\Desktop\ComboFix.exe
AV: EMBARQ® Online Security 8.02 *On-access scanning enabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: EMBARQ® Online Security 8.02 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\IE4 Error Log.txt

.
((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-28 )))))))))))))))))))))))))))))))
.

2009-05-27 21:18 . 2009-05-27 21:18 -------- d-----w c:\windows\Sun
2009-05-27 20:47 . 2009-05-27 20:51 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-27 20:47 . 2009-05-27 20:51 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-30 23:28 . 2009-04-30 23:28 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\F-Secure
2009-04-30 23:28 . 2009-04-30 23:40 33408 ----a-w c:\windows\system32\drivers\fsbts.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-28 21:57 . 2007-04-11 22:14 -------- d-----w c:\program files\lx_cats
2009-05-28 19:00 . 2007-04-26 23:39 -------- d-----w c:\program files\EMBARQ Online Security
2009-05-28 11:36 . 2007-08-01 16:48 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-28 11:33 . 2008-10-28 13:27 -------- d-----w c:\program files\Norton Security Scan
2009-05-28 10:56 . 2007-07-31 00:22 -------- d-----w c:\program files\Google
2009-05-28 01:22 . 2007-07-31 00:22 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-05-13 19:44 . 2007-01-11 03:58 4830 ----a-w c:\documents and settings\corbo\Application Data\wklnhst.dat
2009-04-30 23:24 . 2008-03-19 00:19 -------- d-----w c:\documents and settings\All Users\Application Data\fssg
2009-04-30 23:24 . 2007-04-26 23:56 -------- d-----w c:\documents and settings\All Users\Application Data\F-Secure
2009-04-06 15:29 . 2007-04-26 23:56 79872 ----a-w c:\windows\system32\drivers\fsdfw.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-31 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-02-24 5537792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-02-24 86016]
"lxcymon.exe"="c:\program files\Lexmark 3400 Series\lxcymon.exe" [2007-01-11 291760]
"EzPrint"="c:\program files\Lexmark 3400 Series\ezprint.exe" [2006-11-29 82864]
"LXCYCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [2006-11-21 106496]
"Motive SmartBridge"="c:\progra~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe" [2008-04-23 438359]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"LELA"="c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" [2008-05-01 131072]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-04-09 648504]
"F-Secure Manager"="c:\program files\EMBARQ Online Security\Common\FSM32.EXE" [2009-04-06 182936]
"F-Secure TNB"="c:\program files\EMBARQ Online Security\FSGUI\TNBUtil.exe" [2009-04-06 957024]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-08 61952]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ExpressPLNRnote.lnk.disabled [2007-5-8 1950]
Virtual Assistant.lnk.disabled [2007-5-8 1765]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave2"= serwvdrv.dll
"wave3"= serwvdrv.dll
"wave4"= serwvdrv.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"36132848641070256513766439578036"=c:\program files\Antivirus 2009\av2009.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Alcmtr"=ALCMTR.EXE
"AOLDialer"=c:\program files\Common Files\AOL\ACS\AOLDial.exe
"ehTray"=c:\windows\ehome\ehtray.exe
"HostManager"=c:\program files\Common Files\AOL\1168488503\ee\AOLSoftware.exe
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"USSShReg"=c:\progra~1\ULEADS~1\ULEADP~1\SSaver\Ussshreg.exe /r
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe"
"RTHDCPL"=RTHDCPL.EXE
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"RealTray"=c:\program files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"nwiz"=nwiz.exe /install
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" /s

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1168488503\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\WINDOWS\\system32\\lxcycoms.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:0.0.0.0/255.255.255.255:Enabled:DHCP Discovery Service

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [4/30/2009 7:28 PM 33408]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [4/26/2007 7:56 PM 79872]
R1 CXAVSAUD;AOpen VA2000 Audio Capture;c:\windows\system32\drivers\cxavsaud.sys [8/17/2005 7:53 PM 9856]
R1 F-Secure HIPS;F-Secure HIPS;c:\program files\EMBARQ Online Security\HIPS\drivers\fshs.sys [4/30/2009 7:27 PM 67808]
R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [4/18/2008 5:30 AM 204800]
R2 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]
R2 MSASPGHost;MSAS Plugin Host Service;c:\program files\OEM\MSASPGH\MSASPGHost.exe [9/9/2004 6:43 PM 49152]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\EMBARQ Online Security\Anti-Virus\minifilter\fsgk.sys [4/26/2007 7:55 PM 84608]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\EMBARQ Online Security\ORSP Client\fsorsp.exe [4/30/2009 7:27 PM 55904]
S2 gupdate1c994391bd90efd;Google Update Service (gupdate1c994391bd90efd);c:\program files\Google\Update\GoogleUpdate.exe [2/21/2009 11:28 AM 133104]
S3 Slnt7554;USB Soft Modem Driver;c:\windows\system32\drivers\slnt7554.sys [1/15/2007 8:10 PM 129535]
S3 udfpt;udfpt;c:\windows\system32\drivers\udfpt.sys --> c:\windows\system32\drivers\udfpt.sys [?]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\EMBARQ Online Security\Anti-Virus\win2k\fsfilter.sys [4/26/2007 7:55 PM 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\EMBARQ Online Security\Anti-Virus\win2k\fsrec.sys [4/26/2007 7:55 PM 25184]
.
Contents of the 'Scheduled Tasks' folder

2009-05-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:57]

2009-05-28 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-07-31 16:17]

2009-05-28 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-21 15:28]

2009-05-28 c:\windows\Tasks\Norton Security Scan for corbo.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 01:20]

2009-05-28 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\EMBARQ~1\ANTI-V~1\fsav.exe [2007-04-26 15:28]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://myembarq.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\OUTLOO~1\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\EMBARQ Online Security\FSPS\program\FSLSP.DLL
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-28 18:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCYCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(712)
c:\program files\EMBARQ Online Security\FWES\Program\fsdc32.dll

- - - - - - - > 'lsass.exe'(768)
c:\program files\EMBARQ Online Security\FSPS\program\FSLSP.DLL
c:\program files\EMBARQ Online Security\FWES\Program\fsdc32.dll

- - - - - - - > 'csrss.exe'(688)
c:\program files\EMBARQ Online Security\FWES\Program\fsdc32.dll
.
Completion time: 2009-05-28 18:52
ComboFix-quarantined-files.txt 2009-05-28 22:52

Pre-Run: 229,487,894,528 bytes free
Post-Run: 233,798,340,608 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

171


----------------------------------------------------------
dss

DDS (Ver_09-05-14.01) - NTFSx86
Run by corbo at 19:00:51.71 on Thu 05/28/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.592 [GMT -4:00]

AV: EMBARQ® Online Security 8.02 *On-access scanning enabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: EMBARQ® Online Security 8.02 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe
C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\EMBARQ Online Security\Anti-Virus\fsgk32st.exe
C:\Program Files\EMBARQ Online Security\Common\FSMA32.EXE
C:\Program Files\EMBARQ Online Security\Common\FSMB32.EXE
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\EMBARQ Online Security\Common\FCH32.EXE
c:\program files\oem\msaspgh\msaspghost.exe
C:\WINDOWS\system32\java.exe
C:\Program Files\EMBARQ Online Security\Common\FAMEH32.EXE
C:\Program Files\EMBARQ Online Security\Anti-Virus\fsqh.exe
C:\Program Files\EMBARQ Online Security\FSPC\fspc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\EMBARQ Online Security\FSAUA\program\fsaua.exe
C:\Program Files\EMBARQ Online Security\FWES\Program\fsdfwd.exe
C:\Program Files\EMBARQ Online Security\FSAUA\program\fsus.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\EMBARQ Online Security\Anti-Virus\FSGK32.EXE
C:\Program Files\EMBARQ Online Security\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\corbo\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://myembarq.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [lxcymon.exe] "c:\program files\lexmark 3400 series\lxcymon.exe"
mRun: [EzPrint] "c:\program files\lexmark 3400 series\ezprint.exe"
mRun: [LXCYCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCYtime.dll,_RunDLLEntry@16
mRun: [Motive SmartBridge] c:\progra~1\virtua~1\smartb~1\SprintDSLAlert.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [LELA] "c:\program files\linksys\linksys easylink advisor\Linksys EasyLink Advisor.exe" /minimized
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [F-Secure Manager] "c:\program files\embarq online security\common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "c:\program files\embarq online security\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\ExpressPLNRnote.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Virtual Assistant.lnk.disabled
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\outloo~1\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {200DB664-75B5-47c0-8B45-A44ACCF73C00} - {D68926FD-18FD-4B0E-A1C7-917D13FAB760} - c:\program files\embarq online security\fspc\fspcmsie.dll
IE: {200DB664-75B5-47c0-8B45-A44ACCF73F01} - {D68926FD-18FD-4B0E-A1C7-917D13FAB760} - c:\program files\embarq online security\fspc\fspcmsie.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\outloo~1\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\program files\embarq online security\fsps\program\FSLSP.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp3.dll

============= SERVICES / DRIVERS ===============

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2009-4-30 33408]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2007-4-26 79872]
R1 CXAVSAUD;AOpen VA2000 Audio Capture;c:\windows\system32\drivers\cxavsaud.sys [2005-8-17 9856]
R1 F-Secure HIPS;F-Secure HIPS;c:\program files\embarq online security\hips\drivers\fshs.sys [2009-4-30 67808]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program files\embarq online security\anti-virus\fsgk32st.exe [2007-4-26 215648]
R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-4-18 204800]
R2 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]
R2 MSASPGHost;MSAS Plugin Host Service;c:\program files\oem\msaspgh\MSASPGHost.exe [2004-9-9 49152]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\embarq online security\anti-virus\minifilter\fsgk.sys [2007-4-26 84608]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\embarq online security\orsp client\fsorsp.exe [2009-4-30 55904]
S2 gupdate1c994391bd90efd;Google Update Service (gupdate1c994391bd90efd);c:\program files\google\update\GoogleUpdate.exe [2009-2-21 133104]
S3 Slnt7554;USB Soft Modem Driver;c:\windows\system32\drivers\slnt7554.sys [2007-1-15 129535]
S3 udfpt;udfpt;c:\windows\system32\drivers\udfpt.sys --> c:\windows\system32\drivers\udfpt.sys [?]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\embarq online security\anti-virus\win2k\fsfilter.sys [2007-4-26 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\embarq online security\anti-virus\win2k\fsrec.sys [2007-4-26 25184]

=============== Created Last 30 ================

2009-05-28 18:43 <DIR> a-dshr-- C:\cmdcons
2009-05-28 18:42 161,792 a------- c:\windows\SWREG.exe
2009-05-28 18:42 154,624 a------- c:\windows\PEV.exe
2009-05-28 18:42 98,816 a------- c:\windows\sed.exe
2009-05-28 18:41 <DIR> --ds---- C:\ComboFix
2009-05-27 16:47 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-05-27 16:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-04-30 19:28 33,408 a------- c:\windows\system32\drivers\fsbts.sys

==================== Find3M ====================

2009-05-13 15:44 4,830 a------- c:\docume~1\corbo\applic~1\wklnhst.dat
2009-04-06 11:29 79,872 a------- c:\windows\system32\drivers\fsdfw.sys

============= FINISH: 19:01:01.07 ===============




------------------------------------------------------------------------
attach

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-05-14.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/30/2006 1:56:11 AM
System Uptime: 5/28/2009 2:36:24 PM (5 hours ago)

Motherboard: AOpen | | UX945G
Processor: Intel(R) Pentium(R) D CPU 2.80GHz | Socket 775 | 2800/200mhz
Processor: Intel(R) Pentium(R) D CPU 2.80GHz | Socket 775 | 2800/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 230 GiB total, 217.775 GiB free.
D: is CDROM ()
I: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP388: 2/27/2009 8:53:33 PM - System Checkpoint
RP389: 3/1/2009 10:35:36 PM - System Checkpoint
RP390: 3/3/2009 7:14:24 PM - System Checkpoint
RP391: 3/6/2009 7:55:11 PM - System Checkpoint
RP392: 3/7/2009 8:32:17 PM - System Checkpoint
RP393: 3/8/2009 9:56:09 PM - System Checkpoint
RP394: 3/9/2009 10:32:55 PM - System Checkpoint
RP395: 3/11/2009 10:21:55 AM - System Checkpoint
RP396: 3/12/2009 5:09:17 PM - System Checkpoint
RP397: 3/14/2009 10:08:14 AM - System Checkpoint
RP398: 3/15/2009 10:10:40 AM - System Checkpoint
RP399: 3/16/2009 11:46:18 AM - System Checkpoint
RP400: 3/17/2009 1:33:01 PM - System Checkpoint
RP401: 3/18/2009 1:43:01 PM - System Checkpoint
RP402: 3/19/2009 3:16:34 PM - System Checkpoint
RP403: 3/21/2009 9:29:35 AM - System Checkpoint
RP404: 3/22/2009 10:47:53 AM - System Checkpoint
RP405: 3/23/2009 2:02:46 PM - System Checkpoint
RP406: 3/24/2009 3:13:59 PM - System Checkpoint
RP407: 3/25/2009 4:00:15 PM - System Checkpoint
RP408: 3/27/2009 9:46:43 AM - System Checkpoint
RP409: 3/29/2009 11:11:28 AM - System Checkpoint
RP410: 3/30/2009 12:49:01 PM - System Checkpoint
RP411: 3/31/2009 1:23:56 PM - System Checkpoint
RP412: 4/2/2009 8:20:36 AM - System Checkpoint
RP413: 4/3/2009 4:26:18 PM - System Checkpoint
RP414: 4/4/2009 5:07:01 PM - System Checkpoint
RP415: 4/5/2009 8:13:02 PM - Removed Google Earth Plugin.
RP416: 4/6/2009 8:20:37 PM - System Checkpoint
RP417: 4/8/2009 10:39:36 AM - System Checkpoint
RP418: 4/9/2009 10:43:46 AM - System Checkpoint
RP419: 4/10/2009 11:45:31 AM - System Checkpoint
RP420: 4/11/2009 12:55:26 PM - System Checkpoint
RP421: 4/14/2009 3:34:49 PM - System Checkpoint
RP422: 4/16/2009 9:35:20 AM - System Checkpoint
RP423: 4/17/2009 12:13:00 PM - System Checkpoint
RP424: 4/18/2009 12:37:32 PM - System Checkpoint
RP425: 4/19/2009 1:01:54 PM - System Checkpoint
RP426: 4/21/2009 8:18:08 AM - System Checkpoint
RP427: 4/25/2009 7:14:10 PM - System Checkpoint
RP428: 4/26/2009 7:20:06 PM - System Checkpoint
RP429: 4/27/2009 7:31:24 PM - System Checkpoint
RP430: 4/28/2009 8:24:30 PM - System Checkpoint
RP431: 4/30/2009 9:35:57 AM - System Checkpoint
RP432: 4/30/2009 7:26:44 PM - psc 8.02 build 109 Installation
RP433: 5/1/2009 7:49:26 PM - System Checkpoint
RP434: 5/3/2009 9:41:07 AM - System Checkpoint
RP435: 5/4/2009 10:56:00 AM - System Checkpoint
RP436: 5/6/2009 9:02:11 AM - System Checkpoint
RP437: 5/7/2009 9:02:40 AM - System Checkpoint
RP438: 5/8/2009 9:59:29 AM - System Checkpoint
RP439: 5/9/2009 10:39:49 AM - System Checkpoint
RP440: 5/10/2009 12:52:29 PM - System Checkpoint
RP441: 5/12/2009 8:40:29 AM - System Checkpoint
RP442: 5/13/2009 2:58:16 PM - System Checkpoint
RP443: 5/15/2009 12:54:37 PM - System Checkpoint
RP444: 5/17/2009 10:59:04 AM - System Checkpoint
RP445: 5/18/2009 11:01:29 AM - System Checkpoint
RP446: 5/19/2009 6:12:01 PM - System Checkpoint
RP447: 5/20/2009 6:35:46 PM - System Checkpoint
RP448: 5/21/2009 7:43:14 PM - System Checkpoint
RP449: 5/24/2009 11:59:14 AM - System Checkpoint
RP450: 5/25/2009 2:40:05 PM - System Checkpoint
RP451: 5/27/2009 8:15:31 AM - System Checkpoint
RP452: 5/28/2009 6:56:06 AM - Removed Google Earth Plugin.

==== Installed Programs ======================

ABBYY FineReader 6.0 Sprint
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Deskbar
AOL Toolbar
AOL Uninstaller
AOL You've Got Pictures Screensaver
AOpen VA2000 WDM Drivers
Apple Software Update
ArcSoft TotalMedia Extreme
EMBARQ Help
EMBARQ® Online Security
GolfLogix Course Manager 1.2
Google Earth
Google Earth Plugin
Google Earth Pro
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Hallmark Card Studio Express
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows XP (KB888795)
Java(TM) 6 Update 3
Lexmark 3400 Series
Lexmark Fax Solutions
Lexmark Toolbar
Linksys EasyLink Advisor
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Works
MSASPGH
MSXML 6.0 Parser (KB925673)
Nero Suite
Netflix Movie Viewer
Norton Security Scan
Norton Security Scan (Symantec Corporation)
NVIDIA Drivers
PL-2303 USB-to-Serial
PowerDVD
Pure Networks Platform
Quicken 2006
QuickTime
RealPlayer Basic
Realtek High Definition Audio Driver
Spybot - Search & Destroy
Ulead PhotoImpact 4.0
Update Rollup 1 for Windows XP Media Center Edition 2005 with HDTV Support (KB873369)
Viewpoint Media Player
WebFldrs XP
Windows Communication Foundation
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Hotfix - KB891220
Windows XP Hotfix - KB892627
Windows XP Hotfix - KB893056
Windows XP Media Center Edition 2005 KB888316
Windows XP Media Center Edition 2005 KB890629
Windows XP Media Center Edition 2005 KB890760
Windows XP Media Center Edition 2005 KB895678
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

5/28/2009 6:47:25 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
5/27/2009 5:35:35 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
5/27/2009 5:35:02 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
5/27/2009 5:33:34 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
5/27/2009 5:33:34 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
5/27/2009 5:33:34 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/27/2009 5:33:34 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/27/2009 5:33:34 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
5/27/2009 5:32:59 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
5/27/2009 5:32:56 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/27/2009 4:39:27 PM, error: Print [6161] - The document http://www.geekstogo.com/forum/fssm32-exe-taking-all-CPU-resolv owned by corbo failed to print on printer Lexmark 3400 Series. Data type: LEMF. Size of the spool file in bytes: 578368. Number of bytes printed: 578368. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\DAN. Win32 error code returned by the print processor: 0 (0x0).

==== End Of File ===========================

Blade81
2009-05-29, 17:31
Hi again,

Open notepad and copy/paste the text in the quotebox below into it:



Driver::
udfpt

File::
c:\windows\system32\drivers\udfpt.sys



Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.


Uninstall old Adobe Reader versions and get the latest one here (http://www.filehippo.com/download_adobe_reader/) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't install the toolbar if you choose Foxit Reader! You may also check free readers introduced here (http://pdfreaders.org/).


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6 Update 13 (http://java.sun.com/javase/downloads/index.jsp).
Click the Download button to the right.
Select Windows on platform combobox and check the box that says: Accept License Agreement. Click continue.

The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u13-windows-i586-p.exe to install the newest version. Uncheck MSN toolbar if it's offered there.



Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/virusscanner) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif).


Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.

lt1bird
2009-05-29, 21:58
Was working perfect after first combofix was run... now it's doing it again after the second combofix was run.

Combofix log:
ComboFix 09-05-28.01 - corbo 05/29/2009 14:39.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.616 [GMT -4:00]
Running from: c:\documents and settings\corbo\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\corbo\Desktop\CFSCRIPT.txt
AV: EMBARQ® Online Security 8.02 *On-access scanning enabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: EMBARQ® Online Security 8.02 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}

FILE ::
"c:\windows\system32\drivers\udfpt.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_udfpt


((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-29 )))))))))))))))))))))))))))))))
.

2009-05-27 21:18 . 2009-05-27 21:18 -------- d-----w c:\windows\Sun
2009-05-27 20:47 . 2009-05-27 20:51 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-27 20:47 . 2009-05-27 20:51 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-30 23:28 . 2009-04-30 23:28 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\F-Secure
2009-04-30 23:28 . 2009-04-30 23:40 33408 ----a-w c:\windows\system32\drivers\fsbts.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-29 18:43 . 2007-04-11 22:14 -------- d-----w c:\program files\lx_cats
2009-05-29 18:37 . 2008-10-28 13:27 -------- d-----w c:\program files\Norton Security Scan
2009-05-29 02:23 . 2007-07-31 00:22 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-05-28 19:00 . 2007-04-26 23:39 -------- d-----w c:\program files\EMBARQ Online Security
2009-05-28 11:36 . 2007-08-01 16:48 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-28 10:56 . 2007-07-31 00:22 -------- d-----w c:\program files\Google
2009-05-13 19:44 . 2007-01-11 03:58 4830 ----a-w c:\documents and settings\corbo\Application Data\wklnhst.dat
2009-04-30 23:24 . 2008-03-19 00:19 -------- d-----w c:\documents and settings\All Users\Application Data\fssg
2009-04-30 23:24 . 2007-04-26 23:56 -------- d-----w c:\documents and settings\All Users\Application Data\F-Secure
2009-04-06 15:29 . 2007-04-26 23:56 79872 ----a-w c:\windows\system32\drivers\fsdfw.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-31 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-02-24 5537792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-02-24 86016]
"lxcymon.exe"="c:\program files\Lexmark 3400 Series\lxcymon.exe" [2007-01-11 291760]
"EzPrint"="c:\program files\Lexmark 3400 Series\ezprint.exe" [2006-11-29 82864]
"LXCYCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [2006-11-21 106496]
"Motive SmartBridge"="c:\progra~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe" [2008-04-23 438359]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"LELA"="c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" [2008-05-01 131072]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-04-09 648504]
"F-Secure Manager"="c:\program files\EMBARQ Online Security\Common\FSM32.EXE" [2009-04-06 182936]
"F-Secure TNB"="c:\program files\EMBARQ Online Security\FSGUI\TNBUtil.exe" [2009-04-06 957024]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-08 61952]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ExpressPLNRnote.lnk.disabled [2007-5-8 1950]
Virtual Assistant.lnk.disabled [2007-5-8 1765]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave2"= serwvdrv.dll
"wave3"= serwvdrv.dll
"wave4"= serwvdrv.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"36132848641070256513766439578036"=c:\program files\Antivirus 2009\av2009.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Alcmtr"=ALCMTR.EXE
"AOLDialer"=c:\program files\Common Files\AOL\ACS\AOLDial.exe
"ehTray"=c:\windows\ehome\ehtray.exe
"HostManager"=c:\program files\Common Files\AOL\1168488503\ee\AOLSoftware.exe
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"USSShReg"=c:\progra~1\ULEADS~1\ULEADP~1\SSaver\Ussshreg.exe /r
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe"
"RTHDCPL"=RTHDCPL.EXE
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"RealTray"=c:\program files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"nwiz"=nwiz.exe /install
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" /s

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1168488503\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\WINDOWS\\system32\\lxcycoms.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [4/30/2009 7:28 PM 33408]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [4/26/2007 7:56 PM 79872]
R1 CXAVSAUD;AOpen VA2000 Audio Capture;c:\windows\system32\drivers\cxavsaud.sys [8/17/2005 7:53 PM 9856]
R1 F-Secure HIPS;F-Secure HIPS;c:\program files\EMBARQ Online Security\HIPS\drivers\fshs.sys [4/30/2009 7:27 PM 67808]
R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [4/18/2008 5:30 AM 204800]
R2 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]
R2 MSASPGHost;MSAS Plugin Host Service;c:\program files\OEM\MSASPGH\MSASPGHost.exe [9/9/2004 6:43 PM 49152]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\EMBARQ Online Security\Anti-Virus\minifilter\fsgk.sys [4/26/2007 7:55 PM 84608]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\EMBARQ Online Security\ORSP Client\fsorsp.exe [4/30/2009 7:27 PM 55904]
S2 gupdate1c994391bd90efd;Google Update Service (gupdate1c994391bd90efd);c:\program files\Google\Update\GoogleUpdate.exe [2/21/2009 11:28 AM 133104]
S3 Slnt7554;USB Soft Modem Driver;c:\windows\system32\drivers\slnt7554.sys [1/15/2007 8:10 PM 129535]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\EMBARQ Online Security\Anti-Virus\win2k\fsfilter.sys [4/26/2007 7:55 PM 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\EMBARQ Online Security\Anti-Virus\win2k\fsrec.sys [4/26/2007 7:55 PM 25184]
.
Contents of the 'Scheduled Tasks' folder

2009-05-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:57]

2009-05-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-07-31 16:17]

2009-05-29 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-21 15:28]

2009-05-28 c:\windows\Tasks\Norton Security Scan for corbo.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 01:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://myembarq.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\OUTLOO~1\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\EMBARQ Online Security\FSPS\program\FSLSP.DLL
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-29 14:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCYCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(780)
c:\program files\EMBARQ Online Security\FSPS\program\FSLSP.DLL

- - - - - - - > 'explorer.exe'(3900)
c:\progra~1\VIRTUA~1\SMARTB~1\SBHook.dll
c:\program files\AOL Deskbar\deskbar.dll
c:\program files\Common Files\AOL\AOL Toolbar\AOLHelper.dll
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\windows\ehome\ehRecvr.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\windows\ehome\ehSched.exe
c:\program files\EMBARQ Online Security\Anti-Virus\fsgk32st.exe
c:\program files\EMBARQ Online Security\Common\FSMA32.EXE
c:\program files\EMBARQ Online Security\Common\FSMB32.EXE
c:\windows\system32\rundll32.exe
c:\program files\Virtual Assistant\SmartBridge\SprintDSLAlert.exe
c:\progra~1\EMBARQ~1\Common\FSM32.EXE
c:\program files\EMBARQ Online Security\Common\FCH32.EXE
c:\windows\system32\lxcycoms.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\java.exe
c:\program files\EMBARQ Online Security\Common\FAMEH32.EXE
c:\program files\EMBARQ Online Security\Anti-Virus\fsqh.exe
c:\program files\EMBARQ Online Security\FSPC\fspc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\progra~1\EMBARQ~1\FSGUI\fsguidll.exe
c:\windows\system32\dllhost.exe
c:\program files\EMBARQ Online Security\FSAUA\program\fsaua.exe
c:\program files\EMBARQ Online Security\FWES\program\fsdfwd.exe
c:\program files\EMBARQ Online Security\FSAUA\program\fsus.exe
c:\windows\system32\wscntfy.exe
c:\program files\EMBARQ Online Security\Anti-Virus\fsav32.exe
c:\program files\EMBARQ Online Security\Anti-Virus\fsgk32.exe
c:\program files\EMBARQ Online Security\Anti-Virus\fssm32.exe
.
**************************************************************************
.
Completion time: 2009-05-29 14:46 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-29 18:46
ComboFix2.txt 2009-05-28 22:52

Pre-Run: 233,788,145,664 bytes free
Post-Run: 233,724,624,896 bytes free

199



----------------------------------------------------------------------



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-05-14.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/30/2006 1:56:11 AM
System Uptime: 5/29/2009 2:41:57 PM (0 hours ago)

Motherboard: AOpen | | UX945G
Processor: Intel(R) Pentium(R) D CPU 2.80GHz | Socket 775 | 2800/200mhz
Processor: Intel(R) Pentium(R) D CPU 2.80GHz | Socket 775 | 2800/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 230 GiB total, 217.709 GiB free.
D: is CDROM ()
I: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP388: 2/27/2009 8:53:33 PM - System Checkpoint
RP389: 3/1/2009 10:35:36 PM - System Checkpoint
RP390: 3/3/2009 7:14:24 PM - System Checkpoint
RP391: 3/6/2009 7:55:11 PM - System Checkpoint
RP392: 3/7/2009 8:32:17 PM - System Checkpoint
RP393: 3/8/2009 9:56:09 PM - System Checkpoint
RP394: 3/9/2009 10:32:55 PM - System Checkpoint
RP395: 3/11/2009 10:21:55 AM - System Checkpoint
RP396: 3/12/2009 5:09:17 PM - System Checkpoint
RP397: 3/14/2009 10:08:14 AM - System Checkpoint
RP398: 3/15/2009 10:10:40 AM - System Checkpoint
RP399: 3/16/2009 11:46:18 AM - System Checkpoint
RP400: 3/17/2009 1:33:01 PM - System Checkpoint
RP401: 3/18/2009 1:43:01 PM - System Checkpoint
RP402: 3/19/2009 3:16:34 PM - System Checkpoint
RP403: 3/21/2009 9:29:35 AM - System Checkpoint
RP404: 3/22/2009 10:47:53 AM - System Checkpoint
RP405: 3/23/2009 2:02:46 PM - System Checkpoint
RP406: 3/24/2009 3:13:59 PM - System Checkpoint
RP407: 3/25/2009 4:00:15 PM - System Checkpoint
RP408: 3/27/2009 9:46:43 AM - System Checkpoint
RP409: 3/29/2009 11:11:28 AM - System Checkpoint
RP410: 3/30/2009 12:49:01 PM - System Checkpoint
RP411: 3/31/2009 1:23:56 PM - System Checkpoint
RP412: 4/2/2009 8:20:36 AM - System Checkpoint
RP413: 4/3/2009 4:26:18 PM - System Checkpoint
RP414: 4/4/2009 5:07:01 PM - System Checkpoint
RP415: 4/5/2009 8:13:02 PM - Removed Google Earth Plugin.
RP416: 4/6/2009 8:20:37 PM - System Checkpoint
RP417: 4/8/2009 10:39:36 AM - System Checkpoint
RP418: 4/9/2009 10:43:46 AM - System Checkpoint
RP419: 4/10/2009 11:45:31 AM - System Checkpoint
RP420: 4/11/2009 12:55:26 PM - System Checkpoint
RP421: 4/14/2009 3:34:49 PM - System Checkpoint
RP422: 4/16/2009 9:35:20 AM - System Checkpoint
RP423: 4/17/2009 12:13:00 PM - System Checkpoint
RP424: 4/18/2009 12:37:32 PM - System Checkpoint
RP425: 4/19/2009 1:01:54 PM - System Checkpoint
RP426: 4/21/2009 8:18:08 AM - System Checkpoint
RP427: 4/25/2009 7:14:10 PM - System Checkpoint
RP428: 4/26/2009 7:20:06 PM - System Checkpoint
RP429: 4/27/2009 7:31:24 PM - System Checkpoint
RP430: 4/28/2009 8:24:30 PM - System Checkpoint
RP431: 4/30/2009 9:35:57 AM - System Checkpoint
RP432: 4/30/2009 7:26:44 PM - psc 8.02 build 109 Installation
RP433: 5/1/2009 7:49:26 PM - System Checkpoint
RP434: 5/3/2009 9:41:07 AM - System Checkpoint
RP435: 5/4/2009 10:56:00 AM - System Checkpoint
RP436: 5/6/2009 9:02:11 AM - System Checkpoint
RP437: 5/7/2009 9:02:40 AM - System Checkpoint
RP438: 5/8/2009 9:59:29 AM - System Checkpoint
RP439: 5/9/2009 10:39:49 AM - System Checkpoint
RP440: 5/10/2009 12:52:29 PM - System Checkpoint
RP441: 5/12/2009 8:40:29 AM - System Checkpoint
RP442: 5/13/2009 2:58:16 PM - System Checkpoint
RP443: 5/15/2009 12:54:37 PM - System Checkpoint
RP444: 5/17/2009 10:59:04 AM - System Checkpoint
RP445: 5/18/2009 11:01:29 AM - System Checkpoint
RP446: 5/19/2009 6:12:01 PM - System Checkpoint
RP447: 5/20/2009 6:35:46 PM - System Checkpoint
RP448: 5/21/2009 7:43:14 PM - System Checkpoint
RP449: 5/24/2009 11:59:14 AM - System Checkpoint
RP450: 5/25/2009 2:40:05 PM - System Checkpoint
RP451: 5/27/2009 8:15:31 AM - System Checkpoint
RP452: 5/28/2009 6:56:06 AM - Removed Google Earth Plugin.

==== Installed Programs ======================

ABBYY FineReader 6.0 Sprint
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Deskbar
AOL Toolbar
AOL Uninstaller
AOL You've Got Pictures Screensaver
AOpen VA2000 WDM Drivers
Apple Software Update
ArcSoft TotalMedia Extreme
EMBARQ Help
EMBARQ® Online Security
GolfLogix Course Manager 1.2
Google Earth
Google Earth Plugin
Google Earth Pro
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Hallmark Card Studio Express
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows XP (KB888795)
Java(TM) 6 Update 3
Lexmark 3400 Series
Lexmark Fax Solutions
Lexmark Toolbar
Linksys EasyLink Advisor
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Works
MSASPGH
MSXML 6.0 Parser (KB925673)
Nero Suite
Netflix Movie Viewer
Norton Security Scan
Norton Security Scan (Symantec Corporation)
NVIDIA Drivers
PL-2303 USB-to-Serial
PowerDVD
Pure Networks Platform
Quicken 2006
QuickTime
RealPlayer Basic
Realtek High Definition Audio Driver
Spybot - Search & Destroy
Ulead PhotoImpact 4.0
Update Rollup 1 for Windows XP Media Center Edition 2005 with HDTV Support (KB873369)
Viewpoint Media Player
WebFldrs XP
Windows Communication Foundation
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Hotfix - KB891220
Windows XP Hotfix - KB892627
Windows XP Hotfix - KB893056
Windows XP Media Center Edition 2005 KB888316
Windows XP Media Center Edition 2005 KB890629
Windows XP Media Center Edition 2005 KB890760
Windows XP Media Center Edition 2005 KB895678
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

5/29/2009 12:06:45 AM, error: PlugPlayManager [11] - The device Root\LEGACY_FSBL\0000 disappeared from the system without first being prepared for removal.
5/28/2009 6:47:25 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
5/27/2009 5:35:35 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
5/27/2009 5:35:02 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
5/27/2009 5:33:34 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
5/27/2009 5:33:34 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
5/27/2009 5:33:34 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/27/2009 5:33:34 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/27/2009 5:33:34 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
5/27/2009 5:32:59 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
5/27/2009 5:32:56 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/27/2009 4:39:27 PM, error: Print [6161] - The document http://www.geekstogo.com/forum/fssm32-exe-taking-all-CPU-resolv owned by corbo failed to print on printer Lexmark 3400 Series. Data type: LEMF. Size of the spool file in bytes: 578368. Number of bytes printed: 578368. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\DAN. Win32 error code returned by the print processor: 0 (0x0).

==== End Of File ===========================


DDS (Ver_09-05-14.01) - NTFSx86
Run by corbo at 14:53:39.14 on Fri 05/29/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.379 [GMT -4:00]

AV: EMBARQ® Online Security 8.02 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: EMBARQ® Online Security 8.02 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\EMBARQ Online Security\Anti-Virus\fsgk32st.exe
C:\Program Files\EMBARQ Online Security\Common\FSMA32.EXE
C:\Program Files\EMBARQ Online Security\Common\FSMB32.EXE
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe
C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\EMBARQ Online Security\Common\FSM32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\EMBARQ Online Security\Common\FCH32.EXE
C:\WINDOWS\system32\lxcycoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\java.exe
c:\program files\oem\msaspgh\msaspghost.exe
C:\Program Files\EMBARQ Online Security\Common\FAMEH32.EXE
C:\Program Files\EMBARQ Online Security\Anti-Virus\fsqh.exe
C:\Program Files\EMBARQ Online Security\FSPC\fspc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\EMBARQ Online Security\FSGUI\fsguidll.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\EMBARQ Online Security\FSAUA\program\fsaua.exe
C:\Program Files\EMBARQ Online Security\FWES\Program\fsdfwd.exe
C:\Program Files\EMBARQ Online Security\FSAUA\program\fsus.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\EMBARQ Online Security\Anti-Virus\fsav32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\EMBARQ Online Security\Anti-Virus\FSGK32.EXE
C:\Program Files\EMBARQ Online Security\Anti-Virus\fssm32.exe
C:\Documents and Settings\corbo\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://myembarq.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [lxcymon.exe] "c:\program files\lexmark 3400 series\lxcymon.exe"
mRun: [EzPrint] "c:\program files\lexmark 3400 series\ezprint.exe"
mRun: [LXCYCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCYtime.dll,_RunDLLEntry@16
mRun: [Motive SmartBridge] c:\progra~1\virtua~1\smartb~1\SprintDSLAlert.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [LELA] "c:\program files\linksys\linksys easylink advisor\Linksys EasyLink Advisor.exe" /minimized
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [F-Secure Manager] "c:\program files\embarq online security\common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "c:\program files\embarq online security\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\ExpressPLNRnote.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Virtual Assistant.lnk.disabled
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\outloo~1\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {200DB664-75B5-47c0-8B45-A44ACCF73C00} - {D68926FD-18FD-4B0E-A1C7-917D13FAB760} - c:\program files\embarq online security\fspc\fspcmsie.dll
IE: {200DB664-75B5-47c0-8B45-A44ACCF73F01} - {D68926FD-18FD-4B0E-A1C7-917D13FAB760} - c:\program files\embarq online security\fspc\fspcmsie.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\outloo~1\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\program files\embarq online security\fsps\program\FSLSP.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp3.dll

============= SERVICES / DRIVERS ===============

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2009-4-30 33408]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2007-4-26 79872]
R1 CXAVSAUD;AOpen VA2000 Audio Capture;c:\windows\system32\drivers\cxavsaud.sys [2005-8-17 9856]
R1 F-Secure HIPS;F-Secure HIPS;c:\program files\embarq online security\hips\drivers\fshs.sys [2009-4-30 67808]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program files\embarq online security\anti-virus\fsgk32st.exe [2007-4-26 215648]
R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-4-18 204800]
R2 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]
R2 MSASPGHost;MSAS Plugin Host Service;c:\program files\oem\msaspgh\MSASPGHost.exe [2004-9-9 49152]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\embarq online security\anti-virus\minifilter\fsgk.sys [2007-4-26 84608]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\embarq online security\orsp client\fsorsp.exe [2009-4-30 55904]
S2 gupdate1c994391bd90efd;Google Update Service (gupdate1c994391bd90efd);c:\program files\google\update\GoogleUpdate.exe [2009-2-21 133104]
S3 Slnt7554;USB Soft Modem Driver;c:\windows\system32\drivers\slnt7554.sys [2007-1-15 129535]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\embarq online security\anti-virus\win2k\fsfilter.sys [2007-4-26 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\embarq online security\anti-virus\win2k\fsrec.sys [2007-4-26 25184]

=============== Created Last 30 ================

2009-05-28 18:43 <DIR> a-dshr-- C:\cmdcons
2009-05-28 18:42 161,792 a------- c:\windows\SWREG.exe
2009-05-28 18:42 154,624 a------- c:\windows\PEV.exe
2009-05-28 18:42 98,816 a------- c:\windows\sed.exe
2009-05-27 16:47 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-05-27 16:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-04-30 19:28 33,408 a------- c:\windows\system32\drivers\fsbts.sys

==================== Find3M ====================

2009-05-13 15:44 4,830 a------- c:\docume~1\corbo\applic~1\wklnhst.dat
2009-04-06 11:29 79,872 a------- c:\windows\system32\drivers\fsdfw.sys

============= FINISH: 14:53:50.14 ===============


==== Installed Programs ======================

ABBYY FineReader 6.0 Sprint
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Deskbar
AOL Toolbar
AOL Uninstaller
AOL You've Got Pictures Screensaver
AOpen VA2000 WDM Drivers
Apple Software Update
ArcSoft TotalMedia Extreme
EMBARQ Help
EMBARQ® Online Security
GolfLogix Course Manager 1.2
Google Earth
Google Earth Plugin
Google Earth Pro
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Hallmark Card Studio Express
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows XP (KB888795)
Java(TM) 6 Update 3
Lexmark 3400 Series
Lexmark Fax Solutions
Lexmark Toolbar
Linksys EasyLink Advisor
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Works
MSASPGH
MSXML 6.0 Parser (KB925673)
Nero Suite
Netflix Movie Viewer
Norton Security Scan
Norton Security Scan (Symantec Corporation)
NVIDIA Drivers
PL-2303 USB-to-Serial
PowerDVD
Pure Networks Platform
Quicken 2006
QuickTime
RealPlayer Basic
Realtek High Definition Audio Driver
Spybot - Search & Destroy
Ulead PhotoImpact 4.0
Update Rollup 1 for Windows XP Media Center Edition 2005 with HDTV Support (KB873369)
Viewpoint Media Player
WebFldrs XP
Windows Communication Foundation
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Hotfix - KB891220
Windows XP Hotfix - KB892627
Windows XP Hotfix - KB893056
Windows XP Media Center Edition 2005 KB888316
Windows XP Media Center Edition 2005 KB890629
Windows XP Media Center Edition 2005 KB890760
Windows XP Media Center Edition 2005 KB895678
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

5/29/2009 12:06:45 AM, error: PlugPlayManager [11] - The device Root\LEGACY_FSBL\0000 disappeared from the system without first being prepared for removal.
5/28/2009 6:47:25 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
5/27/2009 5:35:35 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
5/27/2009 5:35:02 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
5/27/2009 5:33:34 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
5/27/2009 5:33:34 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
5/27/2009 5:33:34 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/27/2009 5:33:34 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/27/2009 5:33:34 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
5/27/2009 5:32:59 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
5/27/2009 5:32:56 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/27/2009 4:39:27 PM, error: Print [6161] - The document http://www.geekstogo.com/forum/fssm32-exe-taking-all-CPU-resolv owned by corbo failed to print on printer Lexmark 3400 Series. Data type: LEMF. Size of the spool file in bytes: 578368. Number of bytes printed: 578368. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\DAN. Win32 error code returned by the print processor: 0 (0x0).

==== End Of File ===========================



----------------------------------------------------------------------

DDS (Ver_09-05-14.01) - NTFSx86
Run by corbo at 14:53:39.14 on Fri 05/29/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.379 [GMT -4:00]

AV: EMBARQ® Online Security 8.02 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: EMBARQ® Online Security 8.02 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\EMBARQ Online Security\Anti-Virus\fsgk32st.exe
C:\Program Files\EMBARQ Online Security\Common\FSMA32.EXE
C:\Program Files\EMBARQ Online Security\Common\FSMB32.EXE
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe
C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\EMBARQ Online Security\Common\FSM32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\EMBARQ Online Security\Common\FCH32.EXE
C:\WINDOWS\system32\lxcycoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\java.exe
c:\program files\oem\msaspgh\msaspghost.exe
C:\Program Files\EMBARQ Online Security\Common\FAMEH32.EXE
C:\Program Files\EMBARQ Online Security\Anti-Virus\fsqh.exe
C:\Program Files\EMBARQ Online Security\FSPC\fspc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\EMBARQ Online Security\FSGUI\fsguidll.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\EMBARQ Online Security\FSAUA\program\fsaua.exe
C:\Program Files\EMBARQ Online Security\FWES\Program\fsdfwd.exe
C:\Program Files\EMBARQ Online Security\FSAUA\program\fsus.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\EMBARQ Online Security\Anti-Virus\fsav32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\EMBARQ Online Security\Anti-Virus\FSGK32.EXE
C:\Program Files\EMBARQ Online Security\Anti-Virus\fssm32.exe
C:\Documents and Settings\corbo\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://myembarq.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [lxcymon.exe] "c:\program files\lexmark 3400 series\lxcymon.exe"
mRun: [EzPrint] "c:\program files\lexmark 3400 series\ezprint.exe"
mRun: [LXCYCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCYtime.dll,_RunDLLEntry@16
mRun: [Motive SmartBridge] c:\progra~1\virtua~1\smartb~1\SprintDSLAlert.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [LELA] "c:\program files\linksys\linksys easylink advisor\Linksys EasyLink Advisor.exe" /minimized
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [F-Secure Manager] "c:\program files\embarq online security\common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "c:\program files\embarq online security\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\ExpressPLNRnote.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Virtual Assistant.lnk.disabled
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\outloo~1\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {200DB664-75B5-47c0-8B45-A44ACCF73C00} - {D68926FD-18FD-4B0E-A1C7-917D13FAB760} - c:\program files\embarq online security\fspc\fspcmsie.dll
IE: {200DB664-75B5-47c0-8B45-A44ACCF73F01} - {D68926FD-18FD-4B0E-A1C7-917D13FAB760} - c:\program files\embarq online security\fspc\fspcmsie.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\outloo~1\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\program files\embarq online security\fsps\program\FSLSP.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp3.dll

============= SERVICES / DRIVERS ===============

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2009-4-30 33408]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2007-4-26 79872]
R1 CXAVSAUD;AOpen VA2000 Audio Capture;c:\windows\system32\drivers\cxavsaud.sys [2005-8-17 9856]
R1 F-Secure HIPS;F-Secure HIPS;c:\program files\embarq online security\hips\drivers\fshs.sys [2009-4-30 67808]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program files\embarq online security\anti-virus\fsgk32st.exe [2007-4-26 215648]
R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-4-18 204800]
R2 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]
R2 MSASPGHost;MSAS Plugin Host Service;c:\program files\oem\msaspgh\MSASPGHost.exe [2004-9-9 49152]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\embarq online security\anti-virus\minifilter\fsgk.sys [2007-4-26 84608]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\embarq online security\orsp client\fsorsp.exe [2009-4-30 55904]
S2 gupdate1c994391bd90efd;Google Update Service (gupdate1c994391bd90efd);c:\program files\google\update\GoogleUpdate.exe [2009-2-21 133104]
S3 Slnt7554;USB Soft Modem Driver;c:\windows\system32\drivers\slnt7554.sys [2007-1-15 129535]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\embarq online security\anti-virus\win2k\fsfilter.sys [2007-4-26 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\embarq online security\anti-virus\win2k\fsrec.sys [2007-4-26 25184]

=============== Created Last 30 ================

2009-05-28 18:43 <DIR> a-dshr-- C:\cmdcons
2009-05-28 18:42 161,792 a------- c:\windows\SWREG.exe
2009-05-28 18:42 154,624 a------- c:\windows\PEV.exe
2009-05-28 18:42 98,816 a------- c:\windows\sed.exe
2009-05-27 16:47 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-05-27 16:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-04-30 19:28 33,408 a------- c:\windows\system32\drivers\fsbts.sys

==================== Find3M ====================

2009-05-13 15:44 4,830 a------- c:\docume~1\corbo\applic~1\wklnhst.dat
2009-04-06 11:29 79,872 a------- c:\windows\system32\drivers\fsdfw.sys

============= FINISH: 14:53:50.14 ===============

Blade81
2009-05-29, 23:27
Hi again lt1bird,

Please do those old version uninstallations and new version installations for Adobe Reader & Java. Then post a fresh dds log. I'm also waiting for Kaspersky online scanner report.

lt1bird
2009-05-30, 03:50
DDS (Ver_09-05-14.01) - NTFSx86
Run by corbo at 20:45:29.70 on Fri 05/29/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.619 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\Program Files\Lexmark 3400 Series\ezprint.exe
C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\oem\msaspgh\msaspghost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\corbo\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://myembarq.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [lxcymon.exe] "c:\program files\lexmark 3400 series\lxcymon.exe"
mRun: [EzPrint] "c:\program files\lexmark 3400 series\ezprint.exe"
mRun: [LXCYCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCYtime.dll,_RunDLLEntry@16
mRun: [LELA] "c:\program files\linksys\linksys easylink advisor\Linksys EasyLink Advisor.exe" /minimized
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\ExpressPLNRnote.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Virtual Assistant.lnk.disabled
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\outloo~1\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\outloo~1\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp3.dll

============= SERVICES / DRIVERS ===============

R1 CXAVSAUD;AOpen VA2000 Audio Capture;c:\windows\system32\drivers\cxavsaud.sys [2005-8-17 9856]
R2 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]
R2 MSASPGHost;MSAS Plugin Host Service;c:\program files\oem\msaspgh\MSASPGHost.exe [2004-9-9 49152]
S2 gupdate1c994391bd90efd;Google Update Service (gupdate1c994391bd90efd);c:\program files\google\update\GoogleUpdate.exe [2009-2-21 133104]
S2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-4-18 204800]
S3 Slnt7554;USB Soft Modem Driver;c:\windows\system32\drivers\slnt7554.sys [2007-1-15 129535]

=============== Created Last 30 ================

2009-05-29 15:35 <DIR> --d----- c:\program files\JavaFX
2009-05-29 15:34 <DIR> --d----- c:\program files\Sun
2009-05-29 15:34 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-29 15:34 73,728 a------- c:\windows\system32\javacpl.cpl
2009-05-29 15:13 <DIR> --d----- c:\windows\system32\appmgmt
2009-05-28 18:43 <DIR> a-dshr-- C:\cmdcons
2009-05-28 18:42 161,792 a------- c:\windows\SWREG.exe
2009-05-28 18:42 154,624 a------- c:\windows\PEV.exe
2009-05-28 18:42 98,816 a------- c:\windows\sed.exe
2009-05-27 16:47 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-05-27 16:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

==================== Find3M ====================

2009-05-13 15:44 4,830 a------- c:\docume~1\corbo\applic~1\wklnhst.dat

============= FINISH: 20:45:45.29 ===============



-------------------------------------------------------------------------

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-05-14.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/30/2006 1:56:11 AM
System Uptime: 5/29/2009 8:39:53 PM (0 hours ago)

Motherboard: AOpen | | UX945G
Processor: Intel(R) Pentium(R) D CPU 2.80GHz | Socket 775 | 2800/200mhz
Processor: Intel(R) Pentium(R) D CPU 2.80GHz | Socket 775 | 2800/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 230 GiB total, 217.538 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP389: 3/1/2009 10:35:36 PM - System Checkpoint
RP390: 3/3/2009 7:14:24 PM - System Checkpoint
RP391: 3/6/2009 7:55:11 PM - System Checkpoint
RP392: 3/7/2009 8:32:17 PM - System Checkpoint
RP393: 3/8/2009 9:56:09 PM - System Checkpoint
RP394: 3/9/2009 10:32:55 PM - System Checkpoint
RP395: 3/11/2009 10:21:55 AM - System Checkpoint
RP396: 3/12/2009 5:09:17 PM - System Checkpoint
RP397: 3/14/2009 10:08:14 AM - System Checkpoint
RP398: 3/15/2009 10:10:40 AM - System Checkpoint
RP399: 3/16/2009 11:46:18 AM - System Checkpoint
RP400: 3/17/2009 1:33:01 PM - System Checkpoint
RP401: 3/18/2009 1:43:01 PM - System Checkpoint
RP402: 3/19/2009 3:16:34 PM - System Checkpoint
RP403: 3/21/2009 9:29:35 AM - System Checkpoint
RP404: 3/22/2009 10:47:53 AM - System Checkpoint
RP405: 3/23/2009 2:02:46 PM - System Checkpoint
RP406: 3/24/2009 3:13:59 PM - System Checkpoint
RP407: 3/25/2009 4:00:15 PM - System Checkpoint
RP408: 3/27/2009 9:46:43 AM - System Checkpoint
RP409: 3/29/2009 11:11:28 AM - System Checkpoint
RP410: 3/30/2009 12:49:01 PM - System Checkpoint
RP411: 3/31/2009 1:23:56 PM - System Checkpoint
RP412: 4/2/2009 8:20:36 AM - System Checkpoint
RP413: 4/3/2009 4:26:18 PM - System Checkpoint
RP414: 4/4/2009 5:07:01 PM - System Checkpoint
RP415: 4/5/2009 8:13:02 PM - Removed Google Earth Plugin.
RP416: 4/6/2009 8:20:37 PM - System Checkpoint
RP417: 4/8/2009 10:39:36 AM - System Checkpoint
RP418: 4/9/2009 10:43:46 AM - System Checkpoint
RP419: 4/10/2009 11:45:31 AM - System Checkpoint
RP420: 4/11/2009 12:55:26 PM - System Checkpoint
RP421: 4/14/2009 3:34:49 PM - System Checkpoint
RP422: 4/16/2009 9:35:20 AM - System Checkpoint
RP423: 4/17/2009 12:13:00 PM - System Checkpoint
RP424: 4/18/2009 12:37:32 PM - System Checkpoint
RP425: 4/19/2009 1:01:54 PM - System Checkpoint
RP426: 4/21/2009 8:18:08 AM - System Checkpoint
RP427: 4/25/2009 7:14:10 PM - System Checkpoint
RP428: 4/26/2009 7:20:06 PM - System Checkpoint
RP429: 4/27/2009 7:31:24 PM - System Checkpoint
RP430: 4/28/2009 8:24:30 PM - System Checkpoint
RP431: 4/30/2009 9:35:57 AM - System Checkpoint
RP432: 4/30/2009 7:26:44 PM - psc 8.02 build 109 Installation
RP433: 5/1/2009 7:49:26 PM - System Checkpoint
RP434: 5/3/2009 9:41:07 AM - System Checkpoint
RP435: 5/4/2009 10:56:00 AM - System Checkpoint
RP436: 5/6/2009 9:02:11 AM - System Checkpoint
RP437: 5/7/2009 9:02:40 AM - System Checkpoint
RP438: 5/8/2009 9:59:29 AM - System Checkpoint
RP439: 5/9/2009 10:39:49 AM - System Checkpoint
RP440: 5/10/2009 12:52:29 PM - System Checkpoint
RP441: 5/12/2009 8:40:29 AM - System Checkpoint
RP442: 5/13/2009 2:58:16 PM - System Checkpoint
RP443: 5/15/2009 12:54:37 PM - System Checkpoint
RP444: 5/17/2009 10:59:04 AM - System Checkpoint
RP445: 5/18/2009 11:01:29 AM - System Checkpoint
RP446: 5/19/2009 6:12:01 PM - System Checkpoint
RP447: 5/20/2009 6:35:46 PM - System Checkpoint
RP448: 5/21/2009 7:43:14 PM - System Checkpoint
RP449: 5/24/2009 11:59:14 AM - System Checkpoint
RP450: 5/25/2009 2:40:05 PM - System Checkpoint
RP451: 5/27/2009 8:15:31 AM - System Checkpoint
RP452: 5/28/2009 6:56:06 AM - Removed Google Earth Plugin.
RP453: 5/29/2009 3:12:24 PM - Removed Java(TM) 6 Update 3
RP454: 5/29/2009 3:32:20 PM - Installed Java(TM) SE Development Kit 6 Update 13
RP455: 5/29/2009 3:33:52 PM - Installed Java(TM) 6 Update 13
RP456: 5/29/2009 3:35:07 PM - Installed JavaFX(TM) 1.1 SDK
RP457: 5/29/2009 8:38:20 PM - Removed Adobe Reader 8.1.2

==== Installed Programs ======================

ABBYY FineReader 6.0 Sprint
Adobe Flash Player ActiveX
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Uninstaller
AOL You've Got Pictures Screensaver
AOpen VA2000 WDM Drivers
Apple Software Update
ArcSoft TotalMedia Extreme
GolfLogix Course Manager 1.2
Google Earth
Google Earth Plugin
Google Earth Pro
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Hallmark Card Studio Express
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows XP (KB888795)
Java DB 10.4.1.3
Java(TM) 6 Update 13
Java(TM) SE Development Kit 6 Update 13
JavaFX(TM) 1.1 SDK
Lexmark 3400 Series
Lexmark Fax Solutions
Lexmark Toolbar
Linksys EasyLink Advisor
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Works
MSASPGH
MSXML 6.0 Parser (KB925673)
Nero Suite
Netflix Movie Viewer
NVIDIA Drivers
PL-2303 USB-to-Serial
PowerDVD
Pure Networks Platform
Quicken 2006
QuickTime
RealPlayer Basic
Realtek High Definition Audio Driver
Spybot - Search & Destroy
Ulead PhotoImpact 4.0
Update Rollup 1 for Windows XP Media Center Edition 2005 with HDTV Support (KB873369)
Viewpoint Media Player
WebFldrs XP
Windows Communication Foundation
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Hotfix - KB891220
Windows XP Hotfix - KB892627
Windows XP Hotfix - KB893056
Windows XP Media Center Edition 2005 KB888316
Windows XP Media Center Edition 2005 KB890629
Windows XP Media Center Edition 2005 KB890760
Windows XP Media Center Edition 2005 KB895678
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

5/29/2009 3:45:03 PM, error: Service Control Manager [7034] - The Linksys Updater service terminated unexpectedly. It has done this 1 time(s).
5/29/2009 12:06:45 AM, error: PlugPlayManager [11] - The device Root\LEGACY_FSBL\0000 disappeared from the system without first being prepared for removal.
5/28/2009 6:47:25 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
5/27/2009 5:35:35 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
5/27/2009 5:35:02 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
5/27/2009 5:33:34 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
5/27/2009 5:33:34 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
5/27/2009 5:33:34 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/27/2009 5:33:34 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/27/2009 5:33:34 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
5/27/2009 5:32:59 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
5/27/2009 5:32:56 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/27/2009 4:39:27 PM, error: Print [6161] - The document http://www.geekstogo.com/forum/fssm32-exe-taking-all-CPU-resolv owned by corbo failed to print on printer Lexmark 3400 Series. Data type: LEMF. Size of the spool file in bytes: 578368. Number of bytes printed: 578368. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\DAN. Win32 error code returned by the print processor: 0 (0x0).

==== End Of File ===========================



--------------------------------------------------------------------------
Kaspersky scan
I'm sorry, I accidentally saved it wrong.... There was only one issue found.... called
"this-is-not-adaware- " file.....

Blade81
2009-05-30, 13:43
Hi

Log looks ok to me. If the CPU issue still occurs, could you try reinstalling EMBARQ® Online Security?

lt1bird
2009-05-30, 14:49
I deleted EMBARQ security and the problem went away.... But I'm sure you know that :) I bought Norton and will load that onto the machine.... The Norton is a bit easier for my parents to use.....

System running perfect...

Thanks again!!

Blade81
2009-05-31, 10:42
Good to hear that problem is solved :)

Now let's uninstall ComboFix:

Click START then RUN
Now type "c:\documents and settings\corbo\Desktop\ComboFix.exe" /u in the runbox and click OK


You may delete dds.com file and related logs too.

Blade81
2009-06-07, 14:15
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.